7. Accounting

By default GNU Radius supports three types of accounting. Any
additional accounting methods can be defined using extension
mechanisms.

The accounting methods are applied to a request in the following
sequence:

System accounting

Detailed request accounting

SQL accounting

Custom accounting

Any method can be enabled or disabled. Thus, you can even disable them
all, thereby disabling accounting altogether.

Notice that the multiple login checking scheme relies on
accounting being enabled. By default it uses system accounting, but
it can also be configured to use SQL accounting. So, if you
disable system accounting and still wish to use reliable multiple login
checking, make sure you configure radiusd to use SQL
for this purpose. See section Multiple Login Checking, for detailed information
about the subject.

If any accounting type in this sequence fails, the accounting
is deemed to fail and all subsequent methods are not invoked.

7.1 System Accounting

Radius keeps files ‘radutmp’ and ‘radwtmp’ in its logging
directory and stores the accounting data there. The utilities
radwho and radlast can be used to list information
about users' sessions.

This accounting method is enabled by default. To disable it, use the
system no statement in ‘raddb/config’. See section acct statement, for more
information. Please notice that disabling this accounting method will
disable multiple login checking as well. Refer to Multiple Login Checking, for a detailed discussion of this.

7.2 Detailed Request Accounting

Radius stores the detailed information about accounting packets it receives
in files ‘radacct/nasname/detail’ (see section Naming Conventions),
where nasname is replaced with the short name of the NAS from
the ‘raddb/naslist’ file (see section NAS List — ‘raddb/naslist’).

By default, this accounting type is always enabled, provided that
the ‘radacct’ directory exists and is writable
(see section Naming Conventions). To turn the detailed accounting off,
use the detail statement in the ‘config’ file. For more information
about it, see acct statement.

The accounting detail files consist of a record for each accounting
request. A record includes the timestamp and a detailed
dump of attributes from the packet, e.g.:

Notice that radiusd always adds two pseudo-attributes to
detailed listings. Attribute Timestamp shows the UNIX timestamp
at which radiusd received the request. Attribute
Request-Authenticator shows the result of checking the request
authenticator. Its possible values are:

Verified

The authenticator check was successful.

Unverified

The authenticator check failed. This could mean that either the
request was forged or that the remote NAS and radiusd
do not agree on the value of the shared secret.

None

The authenticator check is not applicable for this request type.
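
A triage sketch for the Request-Authenticator values listed above, added here as an example and not taken from the GNU Radius manual or sources: it parses detail records and counts Unverified ones per NAS. The record layout (an unindented date line followed by indented Attribute = value lines), the sample records and the function names are assumptions.

```python
import re
from collections import Counter

# Constructed sample. Assumed layout: an unindented date line, then indented
# "Attribute = value" lines; records are separated by blank lines.
SAMPLE_DETAIL = """\
Fri Dec 15 18:00:24 2000
\tAcct-Session-Id = "2193976896017"
\tUser-Name = "e2"
\tAcct-Status-Type = Start
\tNAS-IP-Address = 192.0.2.10
\tTimestamp = 976896024
\tRequest-Authenticator = Verified

Fri Dec 15 18:32:09 2000
\tAcct-Session-Id = "2193976896018"
\tUser-Name = "guest"
\tAcct-Status-Type = Stop
\tNAS-IP-Address = 192.0.2.77
\tTimestamp = 976897929
\tRequest-Authenticator = Unverified
"""

ATTR_RE = re.compile(r"^\s+([A-Za-z0-9-]+)\s*=\s*(.*)$")

def parse_detail(text):
    """Yield one dict per record; "_when" holds the record's date line."""
    record = None
    for line in text.splitlines():
        if not line.strip():
            continue                      # blank separator
        if not line[0].isspace():         # unindented line opens a record
            if record is not None:
                yield record
            record = {"_when": line.strip()}
            continue
        m = ATTR_RE.match(line)
        if m and record is not None:
            record[m.group(1)] = m.group(2).strip().strip('"')
    if record is not None:
        yield record

def unverified(records):
    """Records whose authenticator check failed."""
    return [r for r in records if r.get("Request-Authenticator") == "Unverified"]

def unverified_by_nas(records):
    """Per-NAS failure counts: one noisy NAS suggests a shared-secret mismatch."""
    return Counter(r.get("NAS-IP-Address", "unknown") for r in unverified(records))
```

To run it against a real file, pass the contents of a ‘radacct/nasname/detail’ file to parse_detail and feed the result to unverified_by_nas.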

Notice also that the so-called internal attributes are not
logged in the detail file by default. Internal attributes are those whose decimal
value is greater than 255. Such attributes are used internally by
Radius and cannot be transferred via the RADIUS protocol. Examples of
such attributes are Fall-Through, Hint and
Huntgroup-Name. See section Radius Internal Attributes, for a detailed
listing of all internal attributes. The special attribute flag
l (lower-case ell) may be used to force logging of such
attributes (see section ATTRIBUTE statement).

7.3 SQL Accounting

The SQL accounting method is enabled when Radius is configured with
the ‘--enable-sql’ option and the ‘sqlserver’ file in its
configuration directory is properly set up (see section SQL Configuration — ‘raddb/sqlserver’).

This version of GNU Radius (1.6) supports MySQL and
PostgreSQL servers. It also supports ODBC, which can be
used to build interfaces to other database management systems.

With this accounting method enabled, radiusd will store the
information about accounting requests in the configured SQL database.
The accounting method is fully configurable: the Radius administrator
defines both the types of requests to be accounted and the information
to be stored into the database (see section SQL Configuration — ‘raddb/sqlserver’).

Another way of implementing your own accounting method is using
an external program. This is less effective than the methods described
above, but may be necessary sometimes. To invoke the program, use
the following statement in the LHS of the ‘hints’ entry:

Acct-Ext-Program = "progname args"

The progname must be the full path to the program, and args
any arguments it needs. The usual substitutions may be used in
args to pass any request attributes to the program
(see section Macro Substitution).